[Openid-specs-fapi] Issue #656: Crete terms and definition as well as the abbreviations for the attacker model document (openid/fapi)
Nat
issues-reply at bitbucket.org
Tue Jan 9 07:55:29 UTC 2024
New issue 656: Crete terms and definition as well as the abbreviations for the attacker model document
https://bitbucket.org/openid/fapi/issues/656/crete-terms-and-definition-as-well-as-the
Nat Sakimura:
**3. Terms and definitions**
For the purposes of this document, the terms and definitions given in RFC6749 and OpenID Connect \[OIDC\] and the following apply.
**3.1**
**A1**
web attacker
Note to entry: Refer to subclause x.a for its capability.
**3.2**
**A1a**
web attacker participating as authorization server
Note to entry: Refer to subclause x.b for its capability.
**3.3**
**A2**
network attacker
Note to entry: Refer to subclause x.c for its capability.
**3.4**
**A3a**
attacker at the authorization endpoint with read authorization request capability
Note to entry: Refer to subclause x.d for its capability.
**3.5**
**A5**
attacker at the token endpoint with read and tamper with token requests and responses capability
Note to entry: Refer to subclause x.e for its capability.
**3.6**
**A7**
attacker at the resource server with read resource requests capability
Note to entry: Refer to subclause x.f for its capability.
More information about the Openid-specs-fapi
mailing list